Add userdebug selinux config for heapprofd.

Test: m Test: flash sailfish Test: profile system_server Change-Id: I577793af655146ee91be86bb286fcf9d6e6d081d

Add userdebug selinux config for heapprofd.
Test: m Test: flash sailfish Test: profile system_server Change-Id: I577793af655146ee91be86bb286fcf9d6e6d081d
45f4847c · Florian Mayer · f0dc0936 · 45f4847c · 45f4847c · 45f4847c
Commit 45f4847c authored 6 years ago by Florian Mayer
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
 # Android Heap Profiler Daemon go/heapprofd
-type heapprofd, domain, coredomain;
 type heapprofd_exec, exec_type, file_type, system_file_type;
 init_daemon_domain(heapprofd)
+userdebug_or_eng(`
+  # Allow to send signal to processes.
+  # This excludes SIGKILL, SIGSTOP and SIGCHLD,
+  # which are controlled by separate permissions.
+  allow heapprofd self:capability kill;
+  # Executables and libraries.
+  # These are needed to read the ELF binary data needed for unwinding.
+  allow heapprofd system_file:file r_file_perms;
+  allow heapprofd apk_data_file:file r_file_perms;
+  allow heapprofd dalvikcache_data_file:file r_file_perms;
+  allow heapprofd vendor_file_type:file r_file_perms;
+')
+# Write trace data to the Perfetto traced damon. This requires connecting to its
+# producer socket and obtaining a (per-process) tmpfs fd.
+allow heapprofd traced:fd use;
+allow heapprofd traced_tmpfs:file { read write getattr map };
+unix_socket_connect(heapprofd, traced_producer, traced)
+never_profile_heap(`{
+  bpfloader
+  init
+  kernel
+  keystore
+  llkd
+  logd
+  ueventd
+  vendor_init
+  vold
+}')
+full_treble_only(`
+  neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms };
+')
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -5,6 +5,7 @@
 typeattribute system_server coredomain;
 typeattribute system_server mlstrustedsubject;
+can_profile_heap(system_server)
 # Define a type for tmpfs-backed ashmem regions.
 tmpfs_domain(system_server)

--- a/public/domain.te
+++ b/public/domain.te
@@ -995,6 +995,7 @@ full_treble_only(`
        -init
        -installd
        userdebug_or_eng(`-perfprofd')
+        userdebug_or_eng(`-heapprofd')
        -postinstall_dexopt
        -system_server
    } vendor_app_file:dir { open read getattr search };
@@ -1009,6 +1010,7 @@ full_treble_only(`
        -init
        -installd
        userdebug_or_eng(`-perfprofd')
+        userdebug_or_eng(`-heapprofd')
        -postinstall_dexopt
        -system_server
        -mediaserver
@@ -1026,6 +1028,7 @@ full_treble_only(`
        -system_server
        -webview_zygote
        -zygote
+        userdebug_or_eng(`-heapprofd')
    } vendor_overlay_file:dir { getattr open read search };
 ')
@@ -1039,6 +1042,7 @@ full_treble_only(`
        -system_server
        -webview_zygote
        -zygote
+        userdebug_or_eng(`-heapprofd')
    } vendor_overlay_file:file r_file_perms;
 ')
@@ -1109,6 +1113,7 @@ full_treble_only(`
    -init # starts vendor executables
    -kernel # loads /vendor/firmware
    userdebug_or_eng(`-perfprofd')
+    userdebug_or_eng(`-heapprofd')
    -shell
    -system_executes_vendor_violators
    -ueventd # reads /vendor/ueventd.rc
@@ -1446,6 +1451,7 @@ full_treble_only(`
    -init
    -kernel
    -perfprofd
+    -heapprofd
    -ueventd
  } vendor_file:file { no_w_file_perms no_x_file_perms open };
 ')

--- a/public/heapprofd.te
+++ b/public/heapprofd.te
+type heapprofd, domain, coredomain;
--- a/public/te_macros
+++ b/public/te_macros
@@ -643,3 +643,35 @@ define(`hal_attribute_hwservice', `
    neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;
  ')
 ')
+###################################
+# can_profile_heap(domain)
+# never_profile_heap(domain)
+#
+# Opt in our out of heap profiling.
+# This will allow a heap profiling daemon to read this
+# process' address space in order to support unwinding.
+#
+define(`can_profile_heap', `
+  userdebug_or_eng(`
+    # RT signal for client initialization.
+    allow heapprofd $1:process signal;
+    # Connect to heapprofd service.
+    unix_socket_connect($1, heapprofd, heapprofd)
+    # To receive file descriptor.
+    allow heapprofd $1:fd use;
+    # To read from the received file descriptors.
+    # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
+    # process they relate to.
+    allow heapprofd $1:file r_file_perms;
+    # This is needed to search the /proc/[pid] directory.
+    allow heapprofd $1:dir r_dir_perms;
+    allow heapprofd $1:process signal;
+  ')
+')
+define(`never_profile_heap', `
+  neverallow heapprofd $1:file read;
+  neverallow heapprofd $1:process signal;
+')